CISA Certified Information Systems Auditor – Question0196

An internal audit has found that critical patches were not implemented within the timeline established by policy without a valid reason. Which of the following is the BEST course of action to address the audit findings?

A.
Monitor and notify IT staff of critical patches.
B. Evaluate patch management training.
C. Perform regular audits on the implementation of critical patches.
D. Assess the patch management process.

Correct Answer: B